After weeks of laborious work, I am glad to share with you the latest version of the Information Security Management System Auditing Guideline. This is the FINAL DRAFT version. No major change is expected prior to publication. However, feel free to PM your comments.

The Guideline is generic, pragmatic guidance for auditing an organization’s Information Security Management System based on ISO/IEC 27001, covering both the management system and the information security controls.

A template for internal audit use by IT auditors, written by and for practitioners.

Complements the ISO27k (ISO/IEC 27000-series) international standards on information security.